persistence

package
v3.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 2, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

const LegacyAuthServerName = "legacy"

UPGRADING (v2): LegacyAuthServerName is the name of the default server created by the v2-to-v3 upgrade.

Variables

// DefaultConfigTuningEntry is the ConfigTuningEntry value this package
// declares as its defaults.
//
// The field names suggest that the *Seconds values are durations in seconds
// and the *Factor values are multipliers. The code that consumes them is not
// shown here, so the notes below are assumptions to confirm against it.
var DefaultConfigTuningEntry = ConfigTuningEntry{
	ProviderTimeoutSeconds:            30,
	ProviderTimeoutExpiryLeewayFactor: 1.5,
	RefreshCheckIntervalSeconds:       60,
	RefreshExpiryDeltaFactor:          1.2,
	// Reap* settings. If the unit is seconds, 300 is 5 minutes, 3600 is
	// 1 hour and 86400 is 24 hours.
	ReapCheckIntervalSeconds:          300,
	// NOTE(review): dry-run is off by default, so presumably stored entries
	// are really deleted once they qualify -- confirm.
	ReapDryRun:                        false,
	// NOTE(review): these windows presumably bound how long an entry that
	// can no longer be used stays in storage before it is reaped. Larger
	// values keep credential material at rest for longer; review them
	// against the deployment's retention policy.
	ReapNonRefreshableSeconds:         86400,
	ReapRevokedSeconds:                3600,
	ReapTransientErrorAttempts:        10,
	ReapTransientErrorSeconds:         86400,
	ReapServerDeletedSeconds:          86400,
}

Functions

func IsConfigKey

func IsConfigKey(key string) bool

Types

type AuthCodeEntry

// AuthCodeEntry is the JSON-serializable record kept for one credential. It
// carries the issued token (via the embedded *provider.Token), the name of
// the authorization server that handles it, and bookkeeping about the last
// issue attempt and any errors.
//
// NOTE(review): the embedded token is serialized together with the rest of
// the entry, and the three error strings are stored verbatim. Anything that
// logs or returns this struct wholesale exposes token material; confirm that
// callers pick out individual fields and that provider error text written
// here cannot contain secrets.
type AuthCodeEntry struct {
	// We embed a *provider.Token as the base type. This ensures compatibility
	// and keeps storage size reasonable because this will be the default
	// configuration.
	//
	// NOTE(review): if this is encoded with the standard encoding/json
	// package, "inline" is not a recognized tag option and is ignored; the
	// token's fields are flattened into this object because the field is
	// embedded and the tag leaves the name empty.
	*provider.Token `json:",inline"`

	// AuthServerName is the authorization server we should use to handle this
	// entry.
	AuthServerName string `json:"auth_server_name"`

	// MaximumExpirySeconds caps issued auth tokens to a desired lifetime.
	MaximumExpirySeconds int `json:"maximum_expiry_seconds,omitempty"`

	// LastIssueTime is the most recent time a token was successfully issued.
	//
	// NOTE(review): under encoding/json, omitempty never omits a struct
	// value such as time.Time, so a zero time is still written out. The same
	// applies to LastAttemptedIssueTime below.
	LastIssueTime time.Time `json:"last_issue_time,omitempty"`

	// AuthServerError indicates that the actual backing server and provider
	// could not be acquired to make this token request.
	AuthServerError string `json:"auth_server_error,omitempty"`

	// UserError is used to store a permanent error that indicates the end of
	// this token's usable lifespan.
	UserError string `json:"user_error,omitempty"`

	// TransientErrorsSinceLastIssue is a counter of the number of transient
	// errors encountered since the last time the token was successfully issued
	// (either originally or by refresh).
	TransientErrorsSinceLastIssue int `json:"transient_errors_since_last_issue,omitempty"`

	// If TransientErrorsSinceLastIssue > 0, this holds the last transient error
	// encountered to include as a warning (if the token is still valid) or
	// error on the response.
	LastTransientError string `json:"last_transient_error,omitempty"`

	// If the most recent exchange did not succeed, this holds the time that
	// exchange occurred.
	LastAttemptedIssueTime time.Time `json:"last_attempted_issue_time,omitempty"`
}

func (*AuthCodeEntry) SetAuthServerError

func (ace *AuthCodeEntry) SetAuthServerError(ctx context.Context, err string)

func (*AuthCodeEntry) SetToken

func (ace *AuthCodeEntry) SetToken(ctx context.Context, tok *provider.Token)

func (*AuthCodeEntry) SetTransientError

func (ace *AuthCodeEntry) SetTransientError(ctx context.Context, err string)

func (*AuthCodeEntry) SetUserError

func (ace *AuthCodeEntry) SetUserError(ctx context.Context, err string)

func (*AuthCodeEntry) TokenIssued

func (ace *AuthCodeEntry) TokenIssued() bool

TokenIssued indicates whether a token has been issued at all.

For certain grant types, like the device code flow, we may not have an access token yet. In that case, we must wait for a polling process to update this value; in the meantime, a temporary error will be returned.

type AuthCodeHolder

type AuthCodeHolder struct {
	// contains filtered or unexported fields
}

func (*AuthCodeHolder) Manager

func (ach *AuthCodeHolder) Manager(storage logical.Storage) *AuthCodeManager

func (*AuthCodeHolder) WithLock

func (ach *AuthCodeHolder) WithLock(keyer AuthCodeKeyer, fn func(*LockedAuthCodeHolder) error) error

type AuthCodeKey

type AuthCodeKey string

func (AuthCodeKey) AuthCodeKey

func (ack AuthCodeKey) AuthCodeKey() string

func (AuthCodeKey) DeviceAuthKey

func (ack AuthCodeKey) DeviceAuthKey() string

type AuthCodeKeyer

type AuthCodeKeyer interface {
	// AuthCodeKey returns the storage key for storing AuthCodeEntry objects.
	AuthCodeKey() string

	// DeviceAuthKey returns the storage key for storing DeviceAuthEntry
	// objects.
	DeviceAuthKey() string
}

func AuthCodeName

func AuthCodeName(name string) AuthCodeKeyer

type AuthCodeLocker

type AuthCodeLocker interface {
	WithLock(AuthCodeKeyer, func(*LockedAuthCodeHolder) error) error
}

type AuthCodeManager

type AuthCodeManager struct {
	// contains filtered or unexported fields
}

func (*AuthCodeManager) DeleteAuthCodeEntry

func (acm *AuthCodeManager) DeleteAuthCodeEntry(ctx context.Context, keyer AuthCodeKeyer) error

func (*AuthCodeManager) DeleteDeviceAuthEntry

func (acm *AuthCodeManager) DeleteDeviceAuthEntry(ctx context.Context, keyer AuthCodeKeyer) error

func (*AuthCodeManager) ForEachAuthCodeKey

func (acm *AuthCodeManager) ForEachAuthCodeKey(ctx context.Context, fn func(AuthCodeKeyer) error) error

func (*AuthCodeManager) ForEachDeviceAuthKey

func (acm *AuthCodeManager) ForEachDeviceAuthKey(ctx context.Context, fn func(AuthCodeKeyer) error) error

func (*AuthCodeManager) ReadAuthCodeEntry

func (acm *AuthCodeManager) ReadAuthCodeEntry(ctx context.Context, keyer AuthCodeKeyer) (*AuthCodeEntry, error)

func (*AuthCodeManager) ReadDeviceAuthEntry

func (acm *AuthCodeManager) ReadDeviceAuthEntry(ctx context.Context, keyer AuthCodeKeyer) (*DeviceAuthEntry, error)

func (*AuthCodeManager) WriteAuthCodeEntry

func (acm *AuthCodeManager) WriteAuthCodeEntry(ctx context.Context, keyer AuthCodeKeyer, entry *AuthCodeEntry) error

func (*AuthCodeManager) WriteDeviceAuthEntry

func (acm *AuthCodeManager) WriteDeviceAuthEntry(ctx context.Context, keyer AuthCodeKeyer, entry *DeviceAuthEntry) error

type AuthServerEntry

// AuthServerEntry is the JSON-serializable record describing one
// authorization server: the client identifier and secrets used with it, extra
// authorization URL parameters, and the provider (name, version, options)
// selected for it.
//
// NOTE(review): ClientSecrets is serialized as-is under "client_secrets", so
// its confidentiality rests on the storage layer and on this struct never
// being logged or echoed back whole in a read response. Neither is visible
// here; confirm both at the call sites.
type AuthServerEntry struct {
	// Name is serialized as "name".
	Name string `json:"name"`

	ClientID        string            `json:"client_id"`
	// ClientSecrets is a list rather than a single value -- presumably so
	// that more than one secret can be configured during rotation; confirm.
	ClientSecrets   []string          `json:"client_secrets"`
	AuthURLParams   map[string]string `json:"auth_url_params"`
	ProviderName    string            `json:"provider_name"`
	ProviderVersion int               `json:"provider_version"`
	// NOTE(review): ProviderOptions is free-form; whether any option value
	// is itself sensitive depends on the provider -- confirm before
	// displaying it.
	ProviderOptions map[string]string `json:"provider_options"`
}

type AuthServerHolder

type AuthServerHolder struct {
	// contains filtered or unexported fields
}

func (*AuthServerHolder) Manager

func (ash *AuthServerHolder) Manager(storage logical.Storage) *AuthServerManager

func (*AuthServerHolder) WithLock

func (ash *AuthServerHolder) WithLock(keyer AuthServerKeyer, fn func(*LockedAuthServerHolder) error) error

type AuthServerKey

type AuthServerKey string

func (AuthServerKey) AuthServerKey

func (ack AuthServerKey) AuthServerKey() string

type AuthServerKeyer

type AuthServerKeyer interface {
	// AuthServerKey returns the storage key for storing AuthServerEntry
	// objects.
	AuthServerKey() string
}

func AuthServerKeyFromStorage

func AuthServerKeyFromStorage(key string) (AuthServerKeyer, bool)

func AuthServerName

func AuthServerName(name string) AuthServerKeyer

type AuthServerLocker

type AuthServerLocker interface {
	WithLock(AuthServerKeyer, func(*LockedAuthServerHolder) error) error
}

type AuthServerManager

type AuthServerManager struct {
	// contains filtered or unexported fields
}

func (*AuthServerManager) DeleteAuthServerEntry

func (asm *AuthServerManager) DeleteAuthServerEntry(ctx context.Context, keyer AuthServerKeyer) error

func (*AuthServerManager) ForEachAuthServerKey

func (asm *AuthServerManager) ForEachAuthServerKey(ctx context.Context, fn func(AuthServerKeyer) error) error

func (*AuthServerManager) ReadAuthServerEntry

func (asm *AuthServerManager) ReadAuthServerEntry(ctx context.Context, keyer AuthServerKeyer) (*AuthServerEntry, error)

func (*AuthServerManager) WriteAuthServerEntry

func (asm *AuthServerManager) WriteAuthServerEntry(ctx context.Context, keyer AuthServerKeyer, entry *AuthServerEntry) error

type ClientCredsEntry

// ClientCredsEntry is the JSON-serializable record kept for one client
// credentials configuration: the current token, the authorization server
// that handles it, an optional lifetime cap, and the request configuration.
//
// Unlike AuthCodeEntry, the token is a named field here and is serialized
// under its own "token" key rather than being embedded.
//
// NOTE(review): the record contains a live token, so it should not be logged
// or returned whole -- confirm at the call sites, which are not shown here.
type ClientCredsEntry struct {
	// Token is a pointer and so may be nil; presumably that means no token
	// has been obtained yet -- confirm.
	Token *provider.Token `json:"token"`

	// AuthServerName is the authorization server we should use to handle this
	// entry.
	AuthServerName string `json:"auth_server_name"`

	// MaximumExpirySeconds caps issued auth tokens to a desired lifetime.
	MaximumExpirySeconds int `json:"maximum_expiry_seconds,omitempty"`

	// Config groups the per-entry request settings, serialized under
	// "config".
	Config struct {
		Scopes          []string          `json:"scopes"`
		TokenURLParams  map[string]string `json:"token_url_params"`
		ProviderOptions map[string]string `json:"provider_options"`
	} `json:"config"`
}

func (*ClientCredsEntry) SetToken added in v3.1.0

func (cce *ClientCredsEntry) SetToken(ctx context.Context, tok *provider.Token)

type ClientCredsHolder

type ClientCredsHolder struct {
	// contains filtered or unexported fields
}

func (*ClientCredsHolder) Manager

func (cch *ClientCredsHolder) Manager(storage logical.Storage) *ClientCredsManager

func (*ClientCredsHolder) WithLock

func (cch *ClientCredsHolder) WithLock(keyer ClientCredsKeyer, fn func(*LockedClientCredsHolder) error) error

type ClientCredsKey

type ClientCredsKey string

func (ClientCredsKey) ClientCredsKey

func (ack ClientCredsKey) ClientCredsKey() string

type ClientCredsKeyer

type ClientCredsKeyer interface {
	// ClientCredsKey returns the storage key for storing ClientCredsEntry
	// objects.
	ClientCredsKey() string
}

func ClientCredsName

func ClientCredsName(name string) ClientCredsKeyer

type ClientCredsLocker

type ClientCredsLocker interface {
	WithLock(ClientCredsKeyer, func(*LockedClientCredsHolder) error) error
}

type ClientCredsManager

type ClientCredsManager struct {
	// contains filtered or unexported fields
}

func (*ClientCredsManager) DeleteClientCredsEntry

func (ccm *ClientCredsManager) DeleteClientCredsEntry(ctx context.Context, keyer ClientCredsKeyer) error

func (*ClientCredsManager) ForEachClientCredsKey

func (ccm *ClientCredsManager) ForEachClientCredsKey(ctx context.Context, fn func(ClientCredsKeyer) error) error

func (*ClientCredsManager) ReadClientCredsEntry

func (ccm *ClientCredsManager) ReadClientCredsEntry(ctx context.Context, keyer ClientCredsKeyer) (*ClientCredsEntry, error)

func (*ClientCredsManager) WriteClientCredsEntry

func (ccm *ClientCredsManager) WriteClientCredsEntry(ctx context.Context, keyer ClientCredsKeyer, entry *ClientCredsEntry) error

type ConfigEntry

// ConfigEntry is the JSON-serializable top-level configuration record: the
// version of the stored configuration, the name of the default server, and
// the tuning values.
type ConfigEntry struct {
	// Version is serialized as the integer value of ConfigVersion.
	Version       ConfigVersion     `json:"version"`
	// DefaultServer presumably names an AuthServerEntry; how a missing or
	// empty name is handled is not shown here -- confirm.
	DefaultServer string            `json:"default_server"`
	Tuning        ConfigTuningEntry `json:"tuning"`
}

type ConfigHolder

type ConfigHolder struct {
	// contains filtered or unexported fields
}

func (*ConfigHolder) Manager

func (ch *ConfigHolder) Manager(storage logical.Storage) *ConfigManager

func (*ConfigHolder) WithLock

func (ch *ConfigHolder) WithLock(fn func(*LockedConfigHolder) error) error

type ConfigLocker

type ConfigLocker interface {
	WithLock(func(*LockedConfigHolder) error) error
}

type ConfigManager

type ConfigManager struct {
	// contains filtered or unexported fields
}

func (*ConfigManager) DeleteConfig

func (cm *ConfigManager) DeleteConfig(ctx context.Context) error

func (*ConfigManager) ReadConfig

func (cm *ConfigManager) ReadConfig(ctx context.Context) (*ConfigEntry, error)

func (*ConfigManager) WriteConfig

func (cm *ConfigManager) WriteConfig(ctx context.Context, entry *ConfigEntry) error

type ConfigTuningEntry

// ConfigTuningEntry is the set of tunable values stored under the "tuning"
// key of ConfigEntry. DefaultConfigTuningEntry supplies this package's
// default for every field.
//
// The field names suggest three groups: provider request timeouts, the
// refresh check, and the reaper. The code that reads these values is not
// shown here, so those meanings are assumptions.
//
// NOTE(review): every field is a plain int, float64 or bool with no bounds
// visible in this declaration. Zero or negative values decoded from storage
// are representable; confirm where they are validated.
type ConfigTuningEntry struct {
	ProviderTimeoutSeconds            int     `json:"provider_timeout_seconds"`
	ProviderTimeoutExpiryLeewayFactor float64 `json:"provider_timeout_expiry_leeway_factor"`
	RefreshCheckIntervalSeconds       int     `json:"refresh_check_interval_seconds"`
	RefreshExpiryDeltaFactor          float64 `json:"refresh_expiry_delta_factor"`
	ReapCheckIntervalSeconds          int     `json:"reap_check_interval_seconds"`
	ReapDryRun                        bool    `json:"reap_dry_run"`
	ReapNonRefreshableSeconds         int     `json:"reap_non_refreshable_seconds"`
	ReapRevokedSeconds                int     `json:"reap_revoked_seconds"`
	ReapTransientErrorAttempts        int     `json:"reap_transient_error_attempts"`
	ReapTransientErrorSeconds         int     `json:"reap_transient_error_seconds"`
	ReapServerDeletedSeconds          int     `json:"reap_server_deleted_seconds"`
}

type ConfigVersion

// ConfigVersion is the integer version of the stored configuration. It is the
// type of ConfigEntry.Version, which is serialized under the "version" key.
type ConfigVersion int
// The values are assigned by iota, so ConfigVersionInitial is 0 and
// ConfigVersion4 is 4. Because the number is what gets written to storage,
// new versions must be appended and existing ones never reordered or removed.
const (
	ConfigVersionInitial ConfigVersion = iota
	ConfigVersion1
	ConfigVersion2
	ConfigVersion3
	ConfigVersion4
	// ConfigVersionLatest aliases the newest version declared above and has
	// to be moved whenever a version is added.
	ConfigVersionLatest = ConfigVersion4
)

func (ConfigVersion) SupportsTuningProviderTimeout

func (cv ConfigVersion) SupportsTuningProviderTimeout() bool

func (ConfigVersion) SupportsTuningReap

func (cv ConfigVersion) SupportsTuningReap() bool

func (ConfigVersion) SupportsTuningReapServerDeleted

func (cv ConfigVersion) SupportsTuningReapServerDeleted() bool

func (ConfigVersion) SupportsTuningRefresh

func (cv ConfigVersion) SupportsTuningRefresh() bool

func (ConfigVersion) SupportsTuningRefreshExpiryDelta

func (cv ConfigVersion) SupportsTuningRefreshExpiryDelta() bool

type DeviceAuthEntry

// DeviceAuthEntry is the JSON-serializable record kept while a device
// authorization is pending; ShouldPoll is the method declared on it.
//
// NOTE(review): in the OAuth 2.0 device authorization grant the device code
// is what the client presents to the token endpoint while polling, so
// DeviceCode should be handled like a credential: not logged and not
// returned in read responses. Confirm at the call sites, which are not
// shown here.
type DeviceAuthEntry struct {
	DeviceCode             string            `json:"device_code"`
	// Interval is presumably the minimum polling interval in seconds that
	// the authorization server asked for -- confirm unit and source.
	Interval               int32             `json:"interval"`
	// NOTE(review): no omitempty here, unlike the field of the same name on
	// AuthCodeEntry, so the key is always present in the stored JSON.
	LastAttemptedIssueTime time.Time         `json:"last_attempted_issue_time"`
	ProviderOptions        map[string]string `json:"provider_options"`
}

func (*DeviceAuthEntry) ShouldPoll

func (dae *DeviceAuthEntry) ShouldPoll(ctx context.Context) bool

type Holder

type Holder struct {
	Config      *ConfigHolder
	AuthCode    *AuthCodeHolder
	AuthServer  *AuthServerHolder
	ClientCreds *ClientCredsHolder
}

func NewHolder

func NewHolder() *Holder

type LockedAuthCodeHolder

type LockedAuthCodeHolder struct {
	// contains filtered or unexported fields
}

func (*LockedAuthCodeHolder) Manager

type LockedAuthCodeManager

type LockedAuthCodeManager struct {
	// contains filtered or unexported fields
}

func (*LockedAuthCodeManager) DeleteAuthCodeEntry

func (lacm *LockedAuthCodeManager) DeleteAuthCodeEntry(ctx context.Context) error

func (*LockedAuthCodeManager) DeleteDeviceAuthEntry

func (lacm *LockedAuthCodeManager) DeleteDeviceAuthEntry(ctx context.Context) error

func (*LockedAuthCodeManager) ReadAuthCodeEntry

func (lacm *LockedAuthCodeManager) ReadAuthCodeEntry(ctx context.Context) (*AuthCodeEntry, error)

func (*LockedAuthCodeManager) ReadDeviceAuthEntry

func (lacm *LockedAuthCodeManager) ReadDeviceAuthEntry(ctx context.Context) (*DeviceAuthEntry, error)

func (*LockedAuthCodeManager) WriteAuthCodeEntry

func (lacm *LockedAuthCodeManager) WriteAuthCodeEntry(ctx context.Context, entry *AuthCodeEntry) error

func (*LockedAuthCodeManager) WriteDeviceAuthEntry

func (lacm *LockedAuthCodeManager) WriteDeviceAuthEntry(ctx context.Context, entry *DeviceAuthEntry) error

type LockedAuthServerHolder

type LockedAuthServerHolder struct {
	// contains filtered or unexported fields
}

func (*LockedAuthServerHolder) Manager

type LockedAuthServerManager

type LockedAuthServerManager struct {
	// contains filtered or unexported fields
}

func (*LockedAuthServerManager) DeleteAuthServerEntry

func (lasm *LockedAuthServerManager) DeleteAuthServerEntry(ctx context.Context) error

func (*LockedAuthServerManager) ReadAuthServerEntry

func (lasm *LockedAuthServerManager) ReadAuthServerEntry(ctx context.Context) (*AuthServerEntry, error)

func (*LockedAuthServerManager) WriteAuthServerEntry

func (lasm *LockedAuthServerManager) WriteAuthServerEntry(ctx context.Context, entry *AuthServerEntry) error

type LockedClientCredsHolder

type LockedClientCredsHolder struct {
	// contains filtered or unexported fields
}

func (*LockedClientCredsHolder) Manager

type LockedClientCredsManager

type LockedClientCredsManager struct {
	// contains filtered or unexported fields
}

func (*LockedClientCredsManager) DeleteClientCredsEntry

func (lccm *LockedClientCredsManager) DeleteClientCredsEntry(ctx context.Context) error

func (*LockedClientCredsManager) ReadClientCredsEntry

func (lccm *LockedClientCredsManager) ReadClientCredsEntry(ctx context.Context) (*ClientCredsEntry, error)

func (*LockedClientCredsManager) WriteClientCredsEntry

func (lccm *LockedClientCredsManager) WriteClientCredsEntry(ctx context.Context, entry *ClientCredsEntry) error

type LockedConfigHolder

type LockedConfigHolder struct{}

func (*LockedConfigHolder) Manager

func (lch *LockedConfigHolder) Manager(storage logical.Storage) *LockedConfigManager

type LockedConfigManager

type LockedConfigManager struct {
	// contains filtered or unexported fields
}

func (*LockedConfigManager) DeleteConfig

func (lcm *LockedConfigManager) DeleteConfig(ctx context.Context) error

func (*LockedConfigManager) ReadConfig

func (lcm *LockedConfigManager) ReadConfig(ctx context.Context) (*ConfigEntry, error)

func (*LockedConfigManager) WriteConfig

func (lcm *LockedConfigManager) WriteConfig(ctx context.Context, entry *ConfigEntry) error
